Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it.  We invite you to submit your ideas using the form below.  Please be sure to include the problem for which you are solving and the benefits of implementing the idea.  Thanks for collaborating with us!

Build (or use a) CVE database as part of InSpec

The Pitch

Currently, InSpec relies on profiles that are handcrafted by humans and while this serves InSpec's use in an infrastructure compliance world, it does not cater to needs around vulnerability scans, unless a human decides to write a profile for a vulnerability. Linking a CVE database, along with some way to convert CVEs into InSpec profiles, will provide a more comprehensive coverage for CVEs.

The Benefit

Customers can proactively identify CVEs as they are published by Mitre.

The Value

Single place to handle all security and compliance scanning.

  • Guest
  • Jun 26 2019
  • Researching
  • Attach files
  • Craig McAndrews commented
    26 Jun 18:39

    This was the exact feedback provide by an SE recently at ChefConf